Inside | Real news, curated by real humans
Inside Security

Inside Security (Feb 9th, 2018)

David’s Take: RIP Barlow

John Perry Barlow died in his sleep earlier this week. He was one of the founding fathers of the Electronic Frontier Foundation and a member of the Grateful Dead. He played a large role in championing electronic freedoms and was an important early voice as the Internet became more popular. He was a prolific writer, best known for his "A Declaration of the Independence of Cyberspace", which was written in response to the enactment of the Communications Decency Act in 1996. On an EFF tribute page, he is quoted as saying, “I knew it’s also true that a good way to invent the future is to predict it. So I predicted Utopia, hoping to give Liberty a running start before the laws of Moore and Metcalfe delivered up what Ed Snowden now correctly calls 'turn-key totalitarianism.'” Vint Cerf, who knew him well, noted how his “unmatched lyrical power of speech drew us all to visionary heights,” about the Internet, “in which he played such a colorful and forceful role.”

Here is Barlow in a conversation with Edward Snowden back in 2014, talking about the need for online privacy and solid encryption to engender trust. And in his TED talk in 2011, he speaks about the rights of individual expression online. “I am from Wyoming, and have never been very comfortable when I see well-armed men wandering around places that they don’t understand,” he said, talking about when he was visited by FBI agents. He was in poor health for the past several years, and he will be missed.

David Strom, editor of Inside Security

Top Story: Infraud arrests

The US Department of Justice has charged 36 members of the criminal gang Infraud Organization, a large and highly organized online credit card fraud ring believed responsible for more than $530M in losses since 2010. Infraud has been a leading source for buying and selling stolen payment card data, running an online forum that at its peak attracted 11,000 members. Krebs, who has studied the gang for years, claims that some people may not be correctly identified yet: several of those listed by the DOJ are identified only as John Does. Several members are from outside the US. – US DOJ

Attacks

Data on around 800,000 Swisscom customers was leaked last year and only recently identified. Security at an external sales partner caused the breach, which did not involve personal data. It was discovered during a routine audit showing mismatched access rights to the data. The company has put in place a new policy that bans high-volume data queries, and added MFA for access. – REUTERS

Over 12,000 social media accounts have been exposed in a recent breach. The accounts are from leading brand influencers maintained by Octoly and were found by Upguard’s Chris Vickery on an open AWS server. What is infuriating about this situation is the number of times Upguard had to go back to Octoly to tell them that their efforts to secure the data weren’t successful.

Krebs has frequently written about ATM skimmers, devices that are placed on top of the card reader to collect user data. Now he has a security video showing how one criminal adds his skimmer at a busy supermarket checkout lane. You’ll have to watch the clip several times before you can see what is going on. – KREBS ON SECURITY

Earlier this month, a break-in at the Italian Democratic party HQ took place in Florence, Italy, and was attributed to the hacking group AnonPlus. A CSV file containing the personal data of thousands of party members was posted online; the data dates back several years. The cause was likely a SQL injection attack. – ADNKRONOS (in Italian)

Reports

A large sampling of identity victims conducted over several years has found that the number of victims increased by eight percent, rising to 16.7M U.S. consumers. The study characterizes various threat types as shown here. The report recommends using MFA tools and security freezes on credit accounts. – JAVELIN STRATEGY

A survey of more than 7,500 consumers across five different countries last December shows various privacy concerns and how they differ around the world. For example, more than half the Germans surveyed were protective of their genetic data compared to lower rates in France and Italy. Americans are the most concerned about their location data when compared to other countries. A large portion of respondents said they falsified data intentionally to mislead marketers. – RSA REPORT

A report from Agari on email fraud shows continued low DMARC adoption and calls the number of domains implementing the protocol “minuscule,” although government domains had higher adoption rates. Sadly, 92 percent of the Fortune 500 still don’t use DMARC. The data is based on their analysis of DNS records across the Internet.

Blockchain has several different security applications and this article reviews six of them, such as endpoint security, better data integrity, encrypted messaging, and a more secure DNS. Examples of startups offering these services are also described. – CSO ONLINE

Methods and tools

This post describes how users with ‘CreateTrail’ permissions within an AWS CloudTrail account can attempt to create a process with a malicious Excel formula as the name. This allows for a CSV file to be injected into the AWS system so that an attacker can run malicious code on a user’s computer. It is all quite clever. – RHINO SECURITY
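The defensive side of the formula-in-a-name problem described above, as an added example that is not from this newsletter or the linked post: before log events are exported to CSV, flag and neutralize any cell a spreadsheet would evaluate. The field names, sample events and `ExampleError` value are constructed assumptions, not real CloudTrail records.

```python
import csv
import io

# Leading characters that make a spreadsheet treat a cell as a formula
# (the set commonly cited in CSV-injection guidance), plus tab and CR.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return the value as text that a spreadsheet will not evaluate."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS):
        # A leading apostrophe forces the cell to be read as literal text.
        # Note: this also prefixes legitimate negative numbers such as "-5".
        return "'" + text
    return text


def find_suspicious(events, fields):
    """Return (event index, field) pairs whose raw value starts like a formula."""
    return [
        (i, f)
        for i, event in enumerate(events)
        for f in fields
        if str(event.get(f, "")).startswith(FORMULA_TRIGGERS)
    ]


def export_events_csv(events, fields):
    """Write events to CSV text, neutralizing every user-influenced cell."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(fields)
    for event in events:
        writer.writerow([neutralize_cell(event.get(f)) for f in fields])
    return buf.getvalue()


# Constructed sample events; "=1+1" is a harmless stand-in for a formula
# placed in a resource name by someone with permission to set it.
FIELDS = ["eventName", "name", "errorCode"]
SAMPLE_EVENTS = [
    {"eventName": "CreateTrail", "name": "audit-trail", "errorCode": ""},
    {"eventName": "CreateTrail", "name": "=1+1", "errorCode": "ExampleError"},
]

if __name__ == "__main__":
    print("suspicious cells:", find_suspicious(SAMPLE_EVENTS, FIELDS))
    print(export_events_csv(SAMPLE_EVENTS, FIELDS))
```

The flagged cells are also worth alerting on, since a formula-shaped resource name in an audit log is rarely accidental.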

Just for fun

Yes, how about them traps? – BUTTERSAFE@TWITTER
